CVE-2024-3652
IKEv1 default AH/ESP responder can cause libreswan to abort and restart
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
IKEv1 default AH/ESP responder can cause libreswan to abort and restart
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
Reserved 2024-04-11 | Published 2024-04-11 | Updated 2024-10-29 | Assigner libreswanIKEv1 with default AH/ESP configuration can cause libreswan to abort and restart
| 2024-03-24: | Issue reported publicly by github user X1AOxiang via https://github.com/libreswan/libreswan/issues/1665 |
| 2024-03-27: | Fix published in commit 03caa63de1e3 (as issue was already public via githb issue) |
| 2024-04-10: | Advanced notice given to support customers and distributions |
| 2024-04-12: | CVE-2024-3652 published |
github user X1AOxiang
libreswan.org/security/CVE-2024-3652 (CVE-2024-3652)
www.openwall.com/lists/oss-security/2024/04/18/2
Support options
